SANS ISC InfoSec Forums

Not really, but it seems like that is what we are all getting. It has definately been the trend over this past year. There have been so many exploits, zero days, month of bugs, week of bugs etc. that its hard to keep track of all of them. The Internet is literally crawling with them (yes, pun intended). January is supposed to be the month of the Apple bugs. Its going to be an interesting new year that's for sure. So, here are some of the newer exploits that we are all getting for Christmas, whether we want them or not!

Oracle: There are two new exploits out for Oracle. One lets you read and write operating system files and the other is a directory traversal bug that lets you execute arbitrary commands. With both of these, the attacker runs with the privileges of the RDBMS user.

These are in addition to the other vulnerabilties that we have already covered. So before you take off for the holidays, if you aren't using something or no one will need a particular service while your gone, it might be a good idea to block it or turn it off.